10 Tips for BYOD in the Workplace

10 Tips for BYOD in the Workplace

A recent article by Business Insider reveals that allowing employees access to corporate data on their mobile devices increased the work day by an average of 2 hours. In the U.S., 37% spent over 10 hours on work-related tasks outside of the office.

As a company, you may benefit by adapting to these changing dynamics at the workplace, but at the same time, you have to ensure that your business is protected against anything that is not beneficial for your company. Here are the top ten tips for BYOD in the workplace:

Establish the ground rules for use of personal mobile devices. Before you go on listing the do’s and don'ts for your workplace conduct workshops, steered by the Information Technology (IT) team, with other stakeholders in the company: Human Resources (for employee management and labor laws), Legal (to avoid infringement of rights or laws), Security (to safeguard the workplace, employees, and the company), and other groups in the business. Don't forget your executives and users! The purpose of the activity is to discuss the foundation of rules. What questions need to be addressed in the creation of policies? Some of these are:

What types of devices are allowed in the office? Are you setting limitations on OS versions and device models?

Will the company be providing data plans? Will there be a limit to the data usage of employees?

Are there any national laws that need to be complied with?

What security measures will be deployed? Will you require encryption?

What applications and services are allowed to access the company’s data resources? What processes/operations are allowed?

What type of data is considered private and personal?

Assess and audit the existing technical assets, both personal and company-owned. It is crucial to know what devices go in and out of the workplace, not only for security but also to determine, from an IT perspective, how much bandwidth is being used and is required to support all these new mobile phones and tablets.

Simplify the registration process of devices to encourage employees to dutifully enroll their devices. This serves the purpose of assessment and audit of assets, and also is a means to effectively disseminate the rules around the BYOD initiative. The registration process can include having the employees sign the policy or agreement documents that make them accountable.

Organize the configuration of devices, preferably over-the-air. Aside from not needing additional manpower to set up devices in the workplace, configuring devices over-the-air aids the IT team in measuring the data usage of these gadgets. Create and distribute instructional guides on how to connect the devices to the network.

Provide DIY tools to employees such as password reset facility, data usage monitor, device locators and remote data wipes in case of loss, BYOD FAQs, and employee management tools to keep people engaged and committed to comply with the BYOD rules.

Establish measures to secure personal information such as personal emails, contacts, calendars, text messages, application data, call logs, and voicemails. These measures are not necessarily tools, these can be standards to prevent intrusion to personal data. One example is restricting IT personnel from accessing personal gadgets of non-IT employees by limiting their access permissions.

Segregate personal from corporate data to make data secure for both parties. There are several methods available from security appliances to make this possible. There can be a policy where certain applications can only be accessed by using a secure VPN; or setting up a separate network ID for personal gadgets and another for corporate gadgets. By separating these two, IT personnel may easily reconfigure a device for employees who leave or join the company.

Control data usage to protect the bandwidth requirement of the business and to ensure that employees are productive at work. Set thresholds. You don’t want employees to be downloading gigs of movies and TV shows, hogging the bandwidth for personal use.

Monitor non-compliance to BYOD policies. Aside from mitigating the risks to data security, monitoring violations will also enable IT to re-evaluate existing policies and limitations and potentially adjust the rules to make the BYOD program more effective without causing negative effects to employees and the company.

Assess and measure the success of the BYOD policy. With every change comes a need to gauge the impact of the change to the dynamics in the workplace. Start looking at ROI; did the BYOD policy increase or decrease productivity? Did it make employees happier, therefore producing higher-quality work? Did adding more bandwidth and processes cost the company negatively? What tangible and intangible results did this yield? What are the benefits of BYOD? ROI needs to be calculated to see how the company can better manage its resources.

There is no such thing as a “standard” in BYOD, what we can only provide are best practices, as BYOD policies may differ from one company to the other. Some companies such as financial institutions may have a totally different policy to that of a manufacturing firm; the end goal here is to enable employees to be able to use their own personal devices both as a means to enable them to work more effectively and to separate corporate and personal use and data for privacy and security.